Do not throw PNSE exception from NegotiateAuthentication constructor, report Unsupported status instead (#91753)

Co-authored-by: Carlos Sánchez López <[email protected]>

Author: filipnavara

src/libraries/System.Net.Http/tests/FunctionalTests/NtAuthTests.FakeServer.cs

@@ -139,5 +139,32 @@ await server.AcceptConnectionAsync(async connection =>
                     }).ConfigureAwait(false);
                 });
         }
+
+        [Fact]
+        [SkipOnPlatform(TestPlatforms.Browser | TestPlatforms.Windows, "DefaultCredentials are unsupported for NTLM on Unix / Managed implementation")]
+        public async Task DefaultHandler_FakeServer_DefaultCredentials()
+        {
+            await LoopbackServer.CreateClientAndServerAsync(
+                async uri =>
+                {
+                    HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, uri);
+                    requestMessage.Version = new Version(1, 1);
+                    HttpMessageHandler handler = new HttpClientHandler() { Credentials = CredentialCache.DefaultCredentials };
+                    using (var client = new HttpClient(handler))
+                    {
+                        HttpResponseMessage response = await client.SendAsync(requestMessage);
+                        Assert.Equal(HttpStatusCode.Unauthorized, response.StatusCode);
+                    }
+                },
+                async server =>
+                {
+                    await server.AcceptConnectionAsync(async connection =>
+                    {
+                        var authHeader = "WWW-Authenticate: NTLM\r\n";
+                        await connection.SendResponseAsync(HttpStatusCode.Unauthorized, authHeader).ConfigureAwait(false);
+                        connection.CompleteRequestProcessing();
+                    }).ConfigureAwait(false);
+                });
+        }
     }
 }

src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Managed.cs

@@ -9,16 +9,23 @@ internal abstract partial class NegotiateAuthenticationPal
     {
         public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOptions clientOptions)
         {
-            switch (clientOptions.Package)
+            try
             {
-                case NegotiationInfoClass.NTLM:
-                    return new ManagedNtlmNegotiateAuthenticationPal(clientOptions);
+                switch (clientOptions.Package)
+                {
+                    case NegotiationInfoClass.NTLM:
+                        return new ManagedNtlmNegotiateAuthenticationPal(clientOptions);
 
-                case NegotiationInfoClass.Negotiate:
-                    return new ManagedSpnegoNegotiateAuthenticationPal(clientOptions);
+                    case NegotiationInfoClass.Negotiate:
+                        return new ManagedSpnegoNegotiateAuthenticationPal(clientOptions);
 
-                default:
-                    return new UnsupportedNegotiateAuthenticationPal(clientOptions);
+                    default:
+                        return new UnsupportedNegotiateAuthenticationPal(clientOptions);
+                }
+            }
+            catch (PlatformNotSupportedException)
+            {
+                return new UnsupportedNegotiateAuthenticationPal(clientOptions);
             }
         }
 

src/libraries/System.Net.Security/src/System/Net/NegotiateAuthenticationPal.Unix.cs

@@ -23,20 +23,20 @@ internal partial class NegotiateAuthenticationPal
 
         public static NegotiateAuthenticationPal Create(NegotiateAuthenticationClientOptions clientOptions)
         {
-            if (UseManagedNtlm)
+            try
             {
-                switch (clientOptions.Package)
+                if (UseManagedNtlm)
                 {
-                    case NegotiationInfoClass.NTLM:
-                        return new ManagedNtlmNegotiateAuthenticationPal(clientOptions);
+                    switch (clientOptions.Package)
+                    {
+                        case NegotiationInfoClass.NTLM:
+                            return new ManagedNtlmNegotiateAuthenticationPal(clientOptions);
 
-                    case NegotiationInfoClass.Negotiate:
-                        return new ManagedSpnegoNegotiateAuthenticationPal(clientOptions, supportKerberos: true);
+                        case NegotiationInfoClass.Negotiate:
+                            return new ManagedSpnegoNegotiateAuthenticationPal(clientOptions, supportKerberos: true);
+                    }
                 }
-            }
 
-            try
-            {
                 return new UnixNegotiateAuthenticationPal(clientOptions);
             }
             catch (Win32Exception)